Sunday, January 26, 2014

The Solution to Credit Card Data Theft

There have been a number of recent stories about mass thefts of credit card data, most notably one at Target that may have involved more than a hundred million customers. An obvious response for customers is to pay with cash, but that is inconvenient for large purchases and unworkable online.

A better solution, especially for online purchases, would be some form of ecash, some digital equivalent of currency. The only such currently available is Bitcoin, which is not yet widely accepted by merchants, although that may change—Overstock.com recently announced that it would accept bitcoins. It is not an anonymous currency—I have described it, I think correctly, as the least anonymous currency ever invented—although there are mechanisms that have been proposed to change that. But if your worry is not that other people will know what you are buying but that they will get access to your credit or bank account, Bitcoin looks like a workable solution.

An alternative, already well established, is PayPal. That does not entirely solve the problem, since PayPal itself has your credit information, but using PayPal for your payments means relying on the security precautions of one firm rather than every firm you deal with.

A better solution would be an anonymous digital currency along the lines proposed many years ago by David Chaum, ideally one denominated in dollars—the market value of bitcoins fluctuates widely, which some users would find inconvenient. The disadvantage of that mechanism, in contrast to Bitcoin, is that it requires an issuer, a bank that users of the money are willing to trust to redeem it. That probably means a bank in a reasonably stable first world country. The governments of such countries are not eager to permit a form of currency that would make money laundering laws unenforceable.

But perhaps, if enough people get sufficiently worried about having their credit information stolen, there will be enough political pressure to get some country to either issue its own ecash or allow a bank to do so under its jurisdiction. Alternatively, perhaps some government strapped for cash will decide that issuing the world's first anonymous ecash looks like a good solution to the problem of raising revenue without raising taxes.

It does, of course, have to be a government that people elsewhere will trust not to take the money and run.
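As an added illustration (not part of the original post), the sketch below shows the blind-signature idea behind the Chaum-style ecash mentioned above: the bank signs a coin it cannot see, then checks its own signature and a spent list at redemption. The `Bank` class, the `withdraw` and `coin_hash` helpers, the toy key size and the unpadded RSA are assumptions chosen for readability.

```python
# Added illustration: toy RSA blind signatures in the style of Chaum's ecash.
# Small Mersenne-prime modulus and unpadded RSA keep it readable; not for real use.
import hashlib
import math
import secrets


def coin_hash(serial, n):
    """Map a coin serial number to an integer modulo n."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % n


class Bank:
    """Hypothetical issuer: signs blinded coins, redeems each serial once."""

    def __init__(self, p=2**31 - 1, q=2**61 - 1, e=65537):
        self.n, self.e = p * q, e
        self._d = pow(e, -1, (p - 1) * (q - 1))  # private signing exponent
        self.spent = set()                        # serials already redeemed

    def sign_blinded(self, blinded):
        # A real bank would debit the customer's account here. It sees only
        # the blinded value, never the serial it is signing.
        return pow(blinded, self._d, self.n)

    def redeem(self, serial, sig):
        if pow(sig, self.e, self.n) != coin_hash(serial, self.n):
            return "invalid signature"
        if serial in self.spent:
            return "double spend"
        self.spent.add(serial)
        return "ok"


def withdraw(bank):
    """Customer side: blind a fresh serial, have it signed, unblind the result."""
    serial = secrets.token_bytes(16)
    r = secrets.randbelow(bank.n - 2) + 2
    while math.gcd(r, bank.n) != 1:               # blinding factor must be invertible
        r = secrets.randbelow(bank.n - 2) + 2
    blinded = coin_hash(serial, bank.n) * pow(r, bank.e, bank.n) % bank.n
    sig = bank.sign_blinded(blinded) * pow(r, -1, bank.n) % bank.n
    return serial, sig, blinded


if __name__ == "__main__":
    bank = Bank()
    serial, sig, blinded = withdraw(bank)
    print(bank.redeem(serial, sig), bank.redeem(serial, sig))
```

The signature proves the bank issued the coin, and the `spent` set is what stops a copied coin from being redeemed twice; both live with the issuer, which is the trust requirement the post describes.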

I've always believed that the prospect of people in illegal lines of business "laundering" their profits was a strawman. Even if that were a huge problem from enforcers' point of view, it wouldn't threaten their livelihoods (though in their defense, the crimes of kidnapping for ransom and hijacking transport for ransom ended as a direct result of every country, including the tax havens, agreeing to allow the real-time tracing of money movements in specific cases where the money is ransom).

I believe the real reason for "money laundering" laws is that the ability to move and store money anonymously would make it impossible to collect taxes at the levels needed to sustain a welfare state.

True, anonymous digital money would be the equivalent of such things as the numbered account and "bearer" shares or bonds, none of which have existed anywhere since about WW2. I have the impression that the whole Western world would at least impose sanctions on any country that enables their use, and I expect that anonymous digital money would draw the same reaction.

Thus it would take a country that is both willing and able to defy all of the world's major countries -- and yet can somehow convince investors that it won't use similar means to just keep their money. This reduces to the problem of defense.

My guess is that we will sooner see a government-based solution -- a digital money managed by a central data bank with every transaction known to government. Which is not too different from the banking system today, and yet would make "laundering" no longer possible except outside the system. They could even abolish cash and require that you use your card for everything. This idea has been floating around for decades, and I'm surprised it wasn't put in place right after 9/11. But the government continues to be quite able to make up phony emergencies and get most people to believe in them.

There are a couple things blocking government banks like the Fed from changing with the times: (1) they don't have a culture of innovation (to put it mildly), and (2) any competition with the private sector, unless already long established, is politically unacceptable. Business naturally regards any threat to its profit streams as a confiscation of property, and so does any conventionally pro-business politician.

Raw bitcoins do not look like an improvement over credit cards. They don't provide a way to follow up on fraudulent sales; you just lose the money. If you use bitcoins and also some form of intermediary to deal with fraud, it's not clear you've substantially improved on credit cards.

One thing that would greatly improve online purchasing is to adopt two-factor authentication, just like Google already provides for people that opt into it. In addition to requiring a credit card number for a payment, have some sort of challenge that your cell phone can respond to that is required before the payment goes through. Two-factor authentication takes the brunt out of the harm from a lost credit card number.

An additional thing that would help is to rotate the card number once in a while. Standard practice right now is for people to keep and use the exact same credit card number for years. Changing it once a year would help. Changing it on every transaction would be even better, and doing so is possible if you don't mind having to look at your phone every time you sign up with a new service.

>If you use bitcoins and also some form of intermediary to deal with fraud, it's not clear you've substantially improved on credit cards.

The obvious improvement is lower barriers to competition. The cost of setting up a cryptocurrency escrow is negligible compared to fitting alongside Mastercard and Visa - in which I assume there would be a huge number of regulatory barriers, especially considering the way a senator was able to call them up and block payments to Wikileaks with no due process.

Anonymous: I think the political cost of abolishing cash would be extremely high for whoever wanted to introduce that. The advantages would then fall mostly into the hands of his political opponents.

The difference between the Patriot Act and such a measure is that abolishing cash imposes large and visible costs on each individual. This would be a currency reform squared and the party that introduced it could be sure not to get to power for at least the next few elections.

Democracy is a very crude tool, but those in power still cannot impose large costs on pretty much everyone and make it obvious that they are doing so. The Chinese government might be able to pull something like that off, but there still seems to be some sort of quasi-democracy within the communist party consisting of separate fractions instead of political parties and that could still be sufficient to prevent something as unpopular as that.

And I don't think you can make a change such as that without making it obvious to every Joe Voter that it will cost him a lot.

My idea for limiting credit/debit card theft was a little less grandiose. I came up with it after reading of card skimming operations in Mendocino and Sonoma Counties where people used the self check out only to have their card numbers used in Southern California within the hour.

My proposal was simply to use credit or debit cards specific to certain stores. For instance, I use a card lock gas station for fueling. That card is only good for the local card lock stations and some associated gas stations. You can't use it at Safeway or any other merchant. That would make it much less attractive to a thief than a Visa card that can be used anywhere.

One problem is you might then need a dozen business specific cards to use through the day, but I could deal with that myself.

Sure, the info could still be stolen, but since it could only be used in one or a couple businesses, its use would be much more risky and, again, less attractive to thieves.

I thought it was a good idea, although right after I came up with it I noticed the trend seemed to be going the opposite direction, with cards like those issued by Target being able to be used at more and more places than just Target.

Oh, and just for your personal info, a friend told me of a useful credit card application that might really help with card info being stolen over the internet:

I believe it's Bank of America that has some application where they'll issue you a one-time use credit card number for use making purchases online. You go to their web site, log in and let them know who you'll be buying stuff from. They might even include a cash limit on the amount of purchase. They give you a one time use credit card number and expiration date. You make your one purchase and the card number expires after that so it's useless.

I love that idea. It would be a bit of a hassle for those making a lot of online purchases but you wouldn't have to worry about someone getting your card number and using it elsewhere. You would still have to worry about someone hacking your BoA account, though, and getting themselves a card number charged to you.

The bitcoin infrastructure could be used (with a couple caveats) by an issuer and redeemer of a digital cash that uses (basically) the same protocol. A completely trusted party might be able to run a fiat currency on such terms; a slightly less trusted party would be able to at least peg a currency to some other standard by buying (redeeming) and selling (issuing) currency in exchange for (e.g.) dollars as it moved away from the peg.

(The caveats here are that you still need the "proof of work" etc., which means you still need to allow the distributed verifiers to claim some of your seignorage. I don't think you could avoid the possibility that this would ultimately be somewhat costly, though if your system gains acceptance I don't think it's necessary, either.)

Maybe your next novel should include a society using a payment/ledger technology that is entirely traceable, in which a proposal to use some physical commodity/object as a "bearer currency" is viewed as an obvious attempt to facilitate money laundering.

Fred: I can't imagine that I would remember all the card details. Also, you'd need to be able to transfer funds from one card to another, otherwise you'd be effectively reducing the value of your money every time you uploaded them to your site-specific paycard. And if you can do that, then a thief can do that as well. Of course, you would have your money more spread out, so if he can access one of your cards, he cannot access the others, but you can already have multiple ordinary debit cards to achieve the same effect.

@ Tibor: The way my gas card works is I get a bill in the mail each month (which I pay using a debit card online). I don't mind paying the paper bill. One problem with that is if someone got my gas card and started using it, I wouldn't know it until I got my bill the next month.

Other cards could either send you a bill or, as in the case with Target, charge your checking account as is done with a regular debit card.

If the card is only used for one particular business, at least someone couldn't steal your card (or info) then go running around town buying stuff from any business. It wouldn't be nearly worth as much, although a card for a store like Target would allow them to buy all kinds of stuff just at one place.

As has already been pointed out, credit cards have a lot more protections than debit cards. Someone gets hold of your debit card, you're out of luck. I assume that's true whether it's a Visa or store specific card. If they clean out your checking account, that's it.

With an actual credit card, the bank supposedly eats any charges illegally made.

Fred: I see, I thought those were prepaid cards. Well, I have a weekly limit on my debit card that is hardwired and I cannot even change it (it is a part of the account that the card is linked to). It is about 1 thousand dollars. That is fine as I only use it for everyday shopping anyway and if someone gets hold of my credit card information, he cannot spend all that much. Once I had to pay for a very expensive car repair (if I knew in advance they were going to charge me that much to repair my 14 year old Fiat Punto, I would not bother repairing it at all...but it was my mistake not to have them give me a maximum limit on price before I gave them the car to play with) which was the only case where the limit posed a problem.

Much of the world (including Canada) uses "chip and PIN" technology, which is a simple two-factor system. I use a "smart" card, which requires a PIN that hopefully only I know. The PIN is not stored or transmitted; instead the PIN is used cryptographically. The intent is that it is hard to create a valid charge with only a credit card number. However, Internet commerce still relies on CVV numbers. But getting the CVV numbers out of the POS data would help against the recent malware-based attacks.